 /**
  * Tests OutputJsonConverter->outputResponse(): a single person entry must be
  * written as JSON that decodes to the same structure as the expected
  * literal (both sides are json_decode'd, so formatting is irrelevant).
  */
 public function testOutputResponse()
 {
     $converterIn = new InputJsonConverter();
     $converterOut = new OutputJsonConverter();
     $securityToken = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default');
     $request = RestRequestItem::createWithRequest(array('url' => '/people/1/@self'), $securityToken, $converterIn, $converterOut);
     $request->applyUrlTemplate("/people/{userId}/{groupId}/{personId}");
     $entry = array('isOwner' => false, 'isViewer' => false, 'displayName' => '1 1', 'id' => '1');
     $item = new ResponseItem(null, null, array('entry' => $entry));
     // The converter echoes; capture what it writes.
     ob_start();
     $converterOut->outputResponse($item, $request);
     $actual = ob_get_clean();
     $expected = '{
     "entry": {
       "isOwner": false,
       "isViewer": false,
       "displayName": "1 1",
       "id": "1"
     }
 }';
     $this->assertEquals(json_decode($expected), json_decode($actual));
 }
    /**
     * Tests OutputXmlConverter->outputResponse(): a single person entry must
     * be written as an XML document equivalent to the expected literal (both
     * sides are parsed with simplexml_load_string before comparing).
     */
    public function testOutputResponse()
    {
        $converterIn = new InputXmlConverter();
        $converterOut = new OutputXmlConverter();
        $securityToken = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default');
        $request = RestRequestItem::createWithRequest(array('url' => '/people/1/@self'), $securityToken, $converterIn, $converterOut);
        $request->applyUrlTemplate("/people/{userId}/{groupId}/{personId}");
        $entry = array('isOwner' => false, 'isViewer' => false, 'displayName' => '1 1', 'id' => '1');
        $item = new ResponseItem(null, null, array('entry' => $entry));
        // The converter echoes; capture what it writes.
        ob_start();
        $converterOut->outputResponse($item, $request);
        $actual = ob_get_clean();
        $expected = '<?xml version="1.0" encoding="UTF-8"?>
<response>
  <entry>
    <isOwner></isOwner>
    <isViewer></isViewer>
    <displayName>1 1</displayName>
    <id>1</id>
  </entry>
</response>
';
        $this->assertEquals(simplexml_load_string($expected), simplexml_load_string($actual));
    }
 /**
  * Lazily creates and caches the security token used by this test class.
  *
  * @return BasicSecurityToken token for john.doe as both owner and viewer
  */
 private function getToken()
 {
     if ($this->token === null) {
         $this->token = BasicSecurityToken::createFromValues('john.doe', 'john.doe', 'app', 'domain', 'appUrl', '1');
     }
     return $this->token;
 }
 /**
  * Resets the JSON test database and prepares the serialized (url-decoded)
  * security token and the REST base URL that the requests in this class use.
  */
 public function __construct()
 {
     $jsonDb = new JsonDbOpensocialService();
     $jsonDb->resetDb();
     $serialToken = BasicSecurityToken::createFromValues(1, 1, 1, 'partuza', 'test.com', 1, 0)->toSerialForm();
     $this->securityToken = urldecode($serialToken);
     $this->restUrl = 'http://localhost' . Config::get('web_prefix') . '/social/rest';
 }
 /**
  * Returns the raw security token string for the current request, taken from
  * the `st` GET parameter, else the `st` POST parameter, else the
  * Authorization header (via self::parseAuthorization); '' when none is
  * present. The value is cached in self::$rawToken for the rest of the request.
  *
  * A token carried in the query string ends up in access logs and Referer
  * headers; the POST and Authorization-header forms avoid that exposure.
  *
  * @return string
  */
 public static function getTokenStringFromRequest()
 {
     if (self::$rawToken) {
         return self::$rawToken;
     }
     $headers = OAuthUtil::get_headers();
     if (isset($_GET['st'])) {
         $raw = $_GET['st'];
     } elseif (isset($_POST['st'])) {
         $raw = $_POST['st'];
     } elseif (isset($headers['Authorization'])) {
         $raw = self::parseAuthorization($headers['Authorization']);
     } else {
         $raw = '';
     }
     self::$rawToken = $raw;
     return $raw;
 }
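 /**
  * Produces the proxied version of a URL if it falls within the content-rewrite params and
  * will append a refresh param to the proxied url based on the expires param, and the gadget
  * url so that the proxy server knows to rewrite its content or not.
  *
  * A URL without an http:// or https:// scheme prefix is treated as relative and resolved
  * against $this->baseUrl first. The current request's security token is forwarded as the
  * `st` param so the proxy can authorize the fetch.
  *
  * @param string $url
  * @return string
  */
 private function getProxyUrl($url)
 {
     // Only a leading http:// or https:// marks the URL as absolute. The earlier substring
     // test also matched relative URLs that merely contained a scheme in their query string
     // and then failed to resolve them against the base URL.
     $lower = strtolower($url);
     if (strpos($lower, 'http://') !== 0 && strpos($lower, 'https://') !== 0) {
         $url = $this->baseUrl . $url;
     }
     // The rewrite 'expires' value is only honoured when numeric; otherwise default to one hour.
     $refresh = isset($this->rewrite['expires']) && is_numeric($this->rewrite['expires']) ? $this->rewrite['expires'] : '3600';
     $proxied = Config::get('web_prefix') . '/gadgets/proxy?url=' . urlencode($url);
     $proxied .= '&refresh=' . $refresh;
     $proxied .= '&gadget=' . urlencode($this->context->getUrl());
     $proxied .= '&st=' . urlencode(BasicSecurityToken::getTokenStringFromRequest());
     return $proxied;
 }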
 /**
  * Fetches the content and returns it as-is using the headers as returned
  * by the remote host.
  *
  * This is the gadget content proxy: $url plus the optional postData, authz
  * and headers parameters of the current request ($_GET first, then $_POST)
  * are handed to $this->makeRequest together with the request's security
  * token. The remote status, headers (after cleanResponseHeaders) and body
  * are replayed to the client, answering 304 when the client's
  * If-Modified-Since is not older than the remote Last-Modified.
  *
  * @param string $url the url to retrieve
  */
 public function fetch($url)
 {
     // TODO: Check to see if we can just use MakeRequestOptions::fromCurrentRequest
     $st = BasicSecurityToken::getTokenStringFromRequest();
     // Optional request parameters; GET wins over POST for each. A missing body is false, the others null.
     $body = isset($_GET['postData']) ? $_GET['postData'] : (isset($_POST['postData']) ? $_POST['postData'] : false);
     $authz = isset($_GET['authz']) ? $_GET['authz'] : (isset($_POST['authz']) ? $_POST['authz'] : null);
     $headers = isset($_GET['headers']) ? $_GET['headers'] : (isset($_POST['headers']) ? $_POST['headers'] : null);
     $params = new MakeRequestOptions($url);
     $params->setSecurityTokenString($st)->setAuthz($authz)->setRequestBody($body)->setHttpMethod('GET')->setFormEncodedRequestHeaders($headers)->setNoCache($this->context->getIgnoreCache());
     $result = $this->makeRequest->fetch($this->context, $params);
     $httpCode = (int) $result->getHttpCode();
     // cleanResponseHeaders is the only filter between the remote host's headers and the client;
     // what it strips is not visible here — confirm it drops hop-by-hop and cookie/security headers.
     $cleanedResponseHeaders = $this->makeRequest->cleanResponseHeaders($result->getResponseHeaders());
     $isShockwaveFlash = false;
     foreach ($cleanedResponseHeaders as $key => $val) {
         // second arg true: replace any already-queued header of the same name rather than append
         header("{$key}: {$val}", true);
         if (strtoupper($key) == 'CONTENT-TYPE' && strtolower($val) == 'application/x-shockwave-flash') {
             // We're skipping the content disposition header for flash due to an issue with Flash player 10
             // This does make some sites a higher value phishing target, but this can be mitigated by
             // additional referer checks.
             $isShockwaveFlash = true;
         }
     }
     // An attachment disposition keeps proxied content from rendering inline under this host;
     // it is only relaxed for flash (above) and in debug mode.
     if (!$isShockwaveFlash && !Config::get('debug')) {
         header('Content-Disposition: attachment;filename=p.txt');
     }
     // Remote Last-Modified if present, else the time this result was created, formatted as an HTTP date.
     $lastModified = $result->getResponseHeader('Last-Modified') != null ? $result->getResponseHeader('Last-Modified') : gmdate('D, d M Y H:i:s', $result->getCreated()) . ' GMT';
     $notModified = false;
     // Conditional GET is only evaluated on If-Modified-Since; ETag / If-None-Match is not handled in this method.
     if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $lastModified && !isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
         $if_modified_since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
         // Use the request's Last-Modified, otherwise fall back on our internal time keeping (the time the request was created)
         $lastModified = strtotime($lastModified);
         // NOTE(review): strtotime() returns false for an unparsable date, and `false <= <positive int>`
         // is true in PHP (bool comparison), so a malformed remote Last-Modified answers 304 here —
         // TODO guard with `$lastModified !== false`.
         if ($lastModified <= $if_modified_since) {
             $notModified = true;
         }
     }
     if ($httpCode == 200) {
         // only set caching headers if the result was 'OK'
         $this->setCachingHeaders($lastModified);
         // was the &gadget=<gadget url> specified in the request? if so parse it and check the rewrite settings
         // $_GET['gadget'] is client-supplied; rewriteContent is expected to validate it (not visible here).
         if (isset($_GET['gadget'])) {
             $this->rewriteContent($_GET['gadget'], $result);
         }
     }
     // If the cached file time is within the refreshInterval params value, return not-modified
     if ($notModified) {
         header('HTTP/1.0 304 Not Modified', true);
         header('Content-Length: 0', true);
     } else {
         // Replay the remote status line, then the body.
         header("HTTP/1.1 {$httpCode} " . $result->getHttpCodeMsg());
         // then echo the content
         echo $result->getResponseContent();
     }
 }
 /**
  * Tests MessagesHandler->handlePut(): a PUT to an outbox is not implemented
  * and must report NOT_IMPLEMENTED together with the matching message.
  */
 public function testHandlePut()
 {
     $securityToken = BasicSecurityToken::createFromValues('john.doe', 'john.doe', 'app', 'domain', 'appUrl', '1');
     //Create message request
     $request = array(
         'url' => '/messages/@viewer/outbox/1',
         'postData' => 'message 1',
     );
     $item = new RestRequestItem();
     $item->createRequestItemWithRequest($request, $securityToken);
     $result = $this->MessagesHandler->handlePut($item);
     $this->assertEquals(NOT_IMPLEMENTED, $result->getError());
     $this->assertEquals("Not implemented", $result->getErrorMessage());
 }
 /**
  * Tests UserId->getUserId() for several UserId types: the fixture's default
  * type and the owner type (UserId::$types[1]) both resolve to the token's
  * user, while the literal userId type (UserId::$types[2]) returns the id the
  * UserId was constructed with.
  */
 public function testGetUserId()
 {
     $securityToken = BasicSecurityToken::createFromValues('john.doe', 'john.doe', 'app', 'domain', 'appUrl', '1');
     // type as set up by the fixture
     $this->assertEquals('john.doe', $this->UserId->getUserId($securityToken));
     //owner
     $this->UserId->__construct(UserId::$types[1], 1);
     $this->assertEquals('john.doe', $this->UserId->getUserId($securityToken));
     //userId
     $this->UserId->__construct(UserId::$types[2], 1);
     $this->assertEquals('1', $this->UserId->getUserId($securityToken));
 }
 /**
  * Tests RestRequestItem->createWithRequest(): the query-string parameters
  * (including the OAuth ones) must be url-decoded back into exactly the
  * key/value map they were encoded from.
  */
 public function testCreateWithRequest()
 {
     $expectedParams = array(
         'oauth_nonce' => '10075052d8a3cd0087d11346edba8f1f',
         'oauth_timestamp' => '1242011332',
         'oauth_consumer_key' => 'consumerKey',
         'fields' => 'gender,name',
         'oauth_signature_method' => 'HMAC-SHA1',
         'oauth_signature' => 'wDcyXTBqhxW70G+ddZtw7zPVGyE=',
     );
     // Build the query string by hand so the decoder, not the encoder, is under test.
     $pairs = array();
     foreach ($expectedParams as $name => $value) {
         $pairs[] = sprintf('%s=%s', $name, urlencode($value));
     }
     $servletRequest = array('url' => '/people/1/@self?' . implode('&', $pairs));
     $converterOut = new OutputJsonConverter();
     $securityToken = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default');
     $item = RestRequestItem::createWithRequest($servletRequest, $securityToken, 'convertJson', $converterOut);
     $this->assertEquals($expectedParams, $item->getParameters());
 }
 /**
  * Tests JsonDbOpensocialService->getActivities() with paging: requesting
  * one activity starting at index 1 for the owner's self group must return
  * the second of the two activities while still reporting totalResults = 2.
  */
 public function testGetActivities()
 {
     $securityToken = BasicSecurityToken::createFromValues('jane.doe', 'jane.doe', 1, 1, 1, 1);
     $owner = new UserId('owner', null);
     $selfGroup = new GroupId('self', null);
     $startIndex = 1;
     $count = 1;
     $page = $this->service->getActivities(array($owner), $selfGroup, 1, null, null, null, null, $startIndex, $count, null, 1, $securityToken);
     // paging metadata
     $this->assertEquals($startIndex, $page->startIndex);
     $this->assertEquals($count, count($page->entry));
     $this->assertEquals(2, $page->totalResults);
     // the single entry on this page is the second activity
     $this->assertEquals('2', $page->entry[0]['id']);
     $this->assertEquals('Jane says George likes yoda!', $page->entry[0]['title']);
     $this->assertEquals('or is it you?', $page->entry[0]['body']);
 }
 /**
  * Tests PeopleHandler->handleGet(): GET /people/@viewer/@self with a token
  * for john.doe must return john.doe's person record with gender and name
  * populated.
  */
 public function testHandleGet()
 {
     $request = array(
         'url' => '/people/@viewer/@self',
         'method' => 'GET',
     );
     $securityToken = BasicSecurityToken::createFromValues('john.doe', 'john.doe', 'app', 'domain', 'appUrl', '1');
     $item = new RestRequestItem();
     $item->createRequestItemWithRequest($request, $securityToken);
     $person = $this->PeopleHandler->handleGet($item)->getResponse();
     $this->assertEquals('john.doe', $person['id']);
     $this->assertEquals('MALE', $person['gender']['key']);
     $this->assertEquals('Male', $person['gender']['displayValue']);
     $this->assertEquals('Doe', $person['name']['familyName']);
     $this->assertEquals('John', $person['name']['givenName']);
     $this->assertEquals('John Doe', $person['name']['unstructured']);
 }
 /**
  * {@inheritDoc}
  *
  * Returns a token with some faked out values.
  *
  * When the `allow_plaintext_token` config flag is set and the string has
  * exactly six ':'-separated fields, a BasicSecurityToken is built directly
  * from the url-decoded fields, bypassing BasicSecurityToken::createFromToken
  * and its `token_max_age` check — any caller can then present an arbitrary
  * owner/viewer, so that flag is for example/dev setups only. Otherwise the
  * string is handed to createFromToken for validation.
  *
  * @throws GadgetException INVALID_GADGET_TOKEN when the token is empty on an
  *     authz request or cannot be parsed/validated.
  */
 public function createToken($stringToken)
 {
     // A request asking for authz must carry a token; reject an empty one outright.
     if (empty($stringToken) && !empty($_GET['authz'])) {
         throw new GadgetException('INVALID_GADGET_TOKEN');
     }
     try {
         //TODO remove this once we have a better way to generate a fake token
         // in the example files
         $fields = explode(':', $stringToken);
         if (Config::get('allow_plaintext_token') && count($fields) == 6) {
             return new BasicSecurityToken(null, null, urldecode($fields[$this->OWNER_INDEX]), urldecode($fields[$this->VIEWER_INDEX]), urldecode($fields[$this->APP_ID_INDEX]), urldecode($fields[$this->CONTAINER_INDEX]), urldecode($fields[$this->APP_URL_INDEX]), urldecode($fields[$this->MODULE_ID_INDEX]));
         }
         return BasicSecurityToken::createFromToken($stringToken, Config::get('token_max_age'));
     } catch (Exception $e) {
         // Every parsing/validation failure is reported as the same opaque error.
         throw new GadgetException('INVALID_GADGET_TOKEN');
     }
 }
 /**
  * Resolves the SecurityToken for the current request from the token string
  * found by BasicSecurityToken::getTokenStringFromRequest(), using the
  * configured `security_token_signer` to decode it.
  *
  * With no token string present, an anonymous token (zero ids, no gadget url,
  * no domain, zero duration) is returned when `allow_anonymous_token` is
  * configured, else null. Code handling the anonymous token must still keep
  * private profiles and similar data out of reach of unauthenticated users.
  *
  * @return SecurityToken
  */
 private function getSecurityToken()
 {
     $tokenString = BasicSecurityToken::getTokenStringFromRequest();
     if (!empty($tokenString)) {
         $signerClass = Config::get('security_token_signer');
         $signer = new $signerClass();
         return $signer->createToken($tokenString);
     }
     if (!Config::get('allow_anonymous_token')) {
         return null;
     }
     // No security token: continue anonymously (owner = viewer = appId = modId = 0,
     // no gadget url, no domain, 0 duration).
     $anonymousClass = Config::get('security_token');
     return new $anonymousClass(null, 0, SecurityToken::$ANONYMOUS, SecurityToken::$ANONYMOUS, 0, '', '', 0, Config::get('container_id'));
 }
    /**
     * Tests OutputAtomConverter->outputResponse(): a single person entry must
     * be wrapped in an Atom entry whose content carries the opensocial entry.
     * The timestamp, title and author name depend on the run (time and the
     * configured prefix), so they are copied from the actual output before
     * comparing.
     */
    public function testOutputResponse()
    {
        $converterIn = new InputAtomConverter();
        $converterOut = new OutputAtomConverter();
        $securityToken = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default');
        $request = RestRequestItem::createWithRequest(array('url' => '/people/1/@self'), $securityToken, $converterIn, $converterOut);
        $request->applyUrlTemplate("/people/{userId}/{groupId}/{personId}");
        $entry = array('isOwner' => false, 'isViewer' => false, 'displayName' => '1 1', 'id' => '1');
        $item = new ResponseItem(null, null, array('entry' => $entry));
        // The converter echoes; capture what it writes.
        ob_start();
        $converterOut->outputResponse($item, $request);
        $actual = ob_get_clean();
        $expected = '<entry xmlns="http://www.w3.org/2005/Atom">
  <title>person entry for shindig:1</title>
  <author>
    <uri>urn:guid:1</uri>
    <name>shindig:1</name>
  </author>
  <id>urn:guid:1</id>
  <updated>2008-12-11T19:58:31+01:00</updated>
  <content type="application/xml">
    <entry xmlns="http://ns.opensocial.org/2008/opensocial">
      <isOwner></isOwner>
      <isViewer></isViewer>
      <displayName>1 1</displayName>
      <id>1</id>
    </entry>
  </content>
</entry>
';
        $actualXml = simplexml_load_string($actual);
        $expectedXml = simplexml_load_string($expected);
        // Run-dependent fields: the timestamp, and the title/author name whose prefix may be 'shindig' or something else.
        $expectedXml->updated = $actualXml->updated;
        $expectedXml->title = $actualXml->title;
        $expectedXml->author->name = $actualXml->author->name;
        $this->assertEquals($expectedXml, $actualXml);
    }
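 /**
  * Stores one application preference for the viewer identified by the
  * security token in the request.
  *
  * Expects `st` (base64 of the url-encoded serialized token), `name` and
  * `value` in $_GET. The token is validated by
  * BasicSecurityToken::createFromToken with the configured `st_max_age`, and
  * the viewer and app id are taken from the token — not from the request —
  * so a caller can only write prefs for the viewer the token was issued to.
  * Missing parameters or any exception produce a 400 response. Always
  * terminates the script.
  *
  * Note this is a state change driven by a GET request; the token is what
  * ties it to the viewer, so it must stay unguessable and short-lived.
  *
  * @param mixed $params route parameters; not used by this method
  */
 public function set($params)
 {
     if (empty($_GET['st']) || empty($_GET['name']) || !isset($_GET['value'])) {
         header("HTTP/1.0 400 Bad Request", true);
         echo "<html><body><h1>400 - Bad Request</h1></body></html>";
     } else {
         try {
             $st = urldecode(base64_decode($_GET['st']));
             $key = urldecode($_GET['name']);
             $value = urldecode($_GET['value']);
             $token = BasicSecurityToken::createFromToken($st, PartuzaConfig::get('st_max_age'));
             $app_id = $token->getAppId();
             $viewer = $token->getViewerId();
             $apps = $this->model('applications');
             $apps->set_application_pref($viewer, $app_id, $key, $value);
         } catch (Exception $e) {
             header("HTTP/1.0 400 Bad Request", true);
             // The exception text may contain request-derived input; escape it for
             // the HTML context so the error page cannot reflect markup or script.
             $message = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
             echo "<html><body><h1>400 - Bad Request</h1>" . $message . "</body></html>";
         }
     }
     die;
 }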
 /**
  * Resolves the SecurityToken for the current request.
  *
  * Two sources are tried in order: a 2-legged OAuth consumer request
  * (oauth_consumer_key and oauth_signature present, xoauth_requestor_id
  * optional), which is passed to the configured `oauth_lookup_service` for
  * verification and user lookup; otherwise the encrypted security token
  * string from the request (see BasicSecurityToken::getTokenStringFromRequest),
  * decoded by the configured `security_token_signer`. With neither present
  * the result is an anonymous token when `allow_anonymous_token` is set,
  * else null.
  *
  * @return SecurityToken
  */
 public function getSecurityToken()
 {
     // Support a configurable host name ('http_host' key) so that OAuth signatures don't fail in reverse-proxy type situations
     // NOTE(review): without 'http_host' the signature base string is built from the client's Host
     // header; the signature verification (inside the lookup service, not visible here) is what has
     // to reject a forged host — confirm it does not otherwise trust this value.
     $scheme = !isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ? 'http' : 'https';
     $http_url = $scheme . '://' . (Config::get('http_host') ? Config::get('http_host') : $_SERVER['HTTP_HOST']) . $_SERVER['REQUEST_URI'];
     // see if we have an OAuth request
     $request = OAuthRequest::from_request(null, $http_url, null);
     $appUrl = $request->get_parameter('oauth_consumer_key');
     $userId = $request->get_parameter('xoauth_requestor_id');
     // from Consumer Request extension (2-legged OAuth)
     $signature = $request->get_parameter('oauth_signature');
     if ($appUrl && $signature) {
         //if ($appUrl && $signature && $userId) {
         // xoauth_requestor_id may be absent; presumably the lookup service decides whether the
         // consumer may act without a requestor — verify against its implementation.
         // look up the user and perms for this oauth request
         $oauthLookupService = Config::get('oauth_lookup_service');
         $oauthLookupService = new $oauthLookupService();
         $token = $oauthLookupService->getSecurityToken($request, $appUrl, $userId, $this->getContentType());
         if ($token) {
             $token->setAuthenticationMode(AuthenticationMode::$OAUTH_CONSUMER_REQUEST);
             return $token;
         } else {
             return null;
             // invalid oauth request, or 3rd party doesn't have access to this user
         }
     }
     // else, not a valid oauth request, so don't bother
     // look for encrypted security token
     $token = BasicSecurityToken::getTokenStringFromRequest();
     if (empty($token)) {
         if (Config::get('allow_anonymous_token')) {
             // no security token, continue anonymously; remember to check
             // for private profiles etc in your code so they're not publicly
             // accessible to anonymous users! Anonymous == owner = viewer = appId = modId = 0
             // create token with 0 values, no gadget url, no domain and 0 duration
             $gadgetSigner = Config::get('security_token');
             return new $gadgetSigner(null, 0, SecurityToken::$ANONYMOUS, SecurityToken::$ANONYMOUS, 0, '', '', 0, Config::get('container_id'));
         } else {
             return null;
         }
     }
     // Decode (and, inside the signer, validate) the encrypted token string.
     $gadgetSigner = Config::get('security_token_signer');
     $gadgetSigner = new $gadgetSigner();
     return $gadgetSigner->createToken($token);
 }
 /**
  * Tests BasicSecurityToken->isAnonymous(): the fixture token must not be
  * reported as anonymous.
  */
 public function testIsAnonymous()
 {
     $token = $this->BasicSecurityToken;
     $this->assertFalse($token->isAnonymous());
 }
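<link rel='stylesheet' type='text/css' href='../html/css/general.css'>
<script type="text/javascript" src="../html/js/validations.js"></script>
<?php 
// Renders the gadget iframe for application $app_id / module $mod_id for the current
// viewer and owner. Expects $app_id, $mod_id, $width, $view and $gadget_server (and
// optionally $person_id, $viewer_id, $appParams) to be set by the including page.
require_once 'Config/config.php';
$ret = array();
// The id column is compared unquoted, i.e. numerically: cast before interpolating so a
// non-numeric $app_id cannot change the query. A prepared statement (mysqli/PDO) is the
// proper fix once the deprecated mysql_* calls below are migrated.
$app_id = (int) $app_id;
$res = "select * from applications where id = {$app_id}";
$rs_Apps = mysql_query($res);
$row_rs_Apps = mysql_fetch_assoc($rs_Apps);
$gadget = $row_rs_Apps;
$container = 'default';
// Stored user prefs become up_<name> query params unless $appParams overrides the name.
$prefs = '';
if ($gadget['user_prefs']) {
    foreach ($gadget['user_prefs'] as $name => $value) {
        if (!empty($value) && !isset($appParams[$name])) {
            $prefs .= '&up_' . urlencode($name) . '=' . urlencode($value);
        }
    }
}
// Token tying this iframe to owner (person_id) and viewer; '0' stands for anonymous.
$securityToken = BasicSecurityToken::createFromValues(isset($person_id) ? $person_id : '0', isset($viewer_id) ? $viewer_id : '0', $gadget['id'], $_SERVER['HTTP_HOST'], urlencode($gadget['url']), $gadget['mod_id']);
$gadget_url_params = array();
parse_str(parse_url($gadget['url'], PHP_URL_QUERY), $gadget_url_params);
// rpctoken is the value the container page and the gadget frame share for RPC; rand() is not a
// cryptographic source, so it should not be relied on as a secret.
$iframe_url = $gadget_server . '/gadgets/ifr?' . "synd=" . $container . "&container=" . $container . "&viewer=" . (isset($viewer_id) ? $viewer_id : '0') . "&owner=" . (isset($person_id) ? $person_id : $viewer_id) . "&aid=" . $gadget['id'] . "&mid=" . $gadget['mod_id'] . "&nocache=1" . "&country=US" . "&lang=EN" . "&view=" . $view . "&parent=" . urlencode("http://" . $_SERVER['HTTP_HOST']) . $prefs . (isset($_REQUEST['appParams']) ? '&view-params=' . urlencode($_REQUEST['appParams']) : '') . "&st=" . base64_encode($securityToken->toSerialForm()) . "&v=" . $gadget['version'] . "&url=" . urlencode($gadget['url']) . "#rpctoken=" . rand(0, getrandmax());
$height = !empty($gadget['height']) ? $gadget['height'] : '200';
$iframe_name = "remote_iframe_" . $mod_id;
$iframe_id = "remote_iframe_" . $mod_id;
$scrolling = $gadget['scrolling'] ? 'yes' : 'no';
// NOTE(review): $width, $height and $mod_id are interpolated into unquoted attributes and the
// onLoad handler without escaping; this is only safe while they are numeric/internal values.
$iframe_str = "<iframe width=" . $width . " height=" . $height . " name=" . $iframe_name . " id=" . $iframe_id . " scrolling =" . $scrolling . " frameborder='no' src= '" . $iframe_url . "' class='gadgets-gadget' style=\"display:none;\" onLoad=\"showIframe('" . $iframe_id . "','" . $mod_id . "');\"></iframe>";
echo "<div class='iframe_div'>" . $iframe_str . "</div>";
?>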

  
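 /** 
  * Return iframe URL based on the given parameters
  *
  * The URL targets the shindig gadget renderer and carries the viewer/owner
  * ids, the application id, module id, version and url, the user's
  * preferences as `up_<name>` params, optional view params and a freshly
  * created security token (`st`). The trailing `#rpctoken` is the value the
  * container and the gadget frame share for RPC; it comes from rand(), which
  * is not a cryptographic source.
  *
  * @param	int			owner id
  * @param	string		available options are 'profile', 'canvas'
  *						http://code.google.com/apis/orkut/docs/orkutdevguide/orkutdevguide-0.8.html#ops_mode
  * @param	string		extra application parameters
  * @return	iframe url
  */
 function getIframeUrl($oid, $view = 'default', $appParams = '')
 {
     $app_settings = $this->getSettings();
     $user_settings = $this->getApplicationSettings($_SESSION['member_id']);
     // Initialise before appending (avoids an undefined-variable notice on the first .=).
     $prefs = '';
     //retrieve user preferences
     foreach ($app_settings as $key => $setting) {
         if (!empty($key)) {
             // the user's stored value, else the gadget's declared default, else null
             $value = isset($user_settings[$key]) ? $user_settings[$key] : (isset($setting->default) ? $setting->default : null);
             if (isset($user_settings[$key])) {
                 unset($user_settings[$key]);
             }
             //shindig doesn't like ';', it only takes '&' as of Apr 6th, 2009
             //$prefs .= SEP.'up_' . urlencode($key) . '=' . urlencode($value);
             $prefs .= '&up_' . urlencode($key) . '=' . urlencode($value);
         }
     }
     foreach ($user_settings as $name => $value) {
         // if some keys _are_ set in the db, but not in the gadget metadata, we still parse them on the url
         // (the above loop unsets the entries that matched)
         // NOTE(review): $appParams is documented as a string, so $appParams[$name] can only match
         // when an array is passed — confirm which is intended.
         if (!empty($value) && !isset($appParams[$name])) {
             //shindig doesn't like ';', it only takes '&' as of Apr 6th, 2009
             //$prefs .= SEP.'up_' . urlencode($name) . '=' . urlencode($value);
             $prefs .= '&up_' . urlencode($name) . '=' . urlencode($value);
         }
     }
     //generate security token; the owner falls back to the viewer when no owner id is given
     $securityToken = BasicSecurityToken::createFromValues($oid > 0 ? $oid : $_SESSION['member_id'], $_SESSION['member_id'], $this->getId(), 'default', urlencode($this->getUrl()), $this->getModuleId());
     // mod id
     //TODO:
     //   all the & should be using the constant "SEP", however, shingdig isn't parsing ";",
     //   it only parses "&".  Once shindig fixed this, we gotta change it back to SEP
     //@harris July 23, 2009
     // isset($appParams) is also true for the '' default, so '&view-params=' is appended unless null is passed explicitly.
     $url = AT_SHINDIG_URL . '/gadgets/ifr?' . "bpc=1&synd=ATutor" . "&container=default" . "&viewer=" . $_SESSION['member_id'] . "&owner=" . $oid . "&aid=" . $this->getId() . "&mid=" . $this->getModuleId() . "&country=US" . "&lang=en" . "&view=" . $view . "&parent=" . urlencode("http://" . $_SERVER['HTTP_HOST']) . $prefs . (isset($appParams) ? '&view-params=' . urlencode($appParams) : '') . "&st=" . urlencode(base64_encode($securityToken->toSerialForm())) . "&v=" . $this->getVersion() . "&url=" . urlencode($this->getUrl()) . "#rpctoken=" . rand(0, getrandmax());
     //random unique number
     return $url;
 }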
            if (isset($user_prefs[$key])) {
                unset($user_prefs[$key]);
            }
            $prefs .= '&up_' . urlencode($key) . '=' . urlencode($value);
        }
    }
    // Prepare the user preferences for inclusion in the iframe url
    foreach ($user_prefs as $name => $value) {
        // if some keys _are_ set in the db, but not in the gadget metadata, we still parse them on the url
        // (the above loop unsets the entries that matched
        if (!empty($value) && !isset($appParams[$name])) {
            $prefs .= '&up_' . urlencode($name) . '=' . urlencode($value);
        }
    }
    // Create an encrypted security token, this is used by shindig to get the various gadget instance info like the viewer and owner
    $securityToken = BasicSecurityToken::createFromValues(isset($vars['person']['id']) ? $vars['person']['id'] : SecurityToken::$ANONYMOUS, isset($_SESSION['id']) ? $_SESSION['id'] : SecurityToken::$ANONYMOUS, $gadget['id'], PartuzaConfig::get('container'), urlencode($gadget['url']), $gadget['mod_id']);
    $gadget_url_params = array();
    parse_str(parse_url($gadget['url'], PHP_URL_QUERY), $gadget_url_params);
    // Create the actual iframe URL, this containers a slew of query params that shindig requires to render the gadget, and for the gadget to be able to make social requests
    $rpctoken = rand(0, getrandmax());
    $iframe_url = PartuzaConfig::get('gadget_server') . '/gadgets/ifr?' . "synd=" . PartuzaConfig::get('container') . "&container=" . PartuzaConfig::get('container') . "&viewer=" . (isset($_SESSION['id']) ? $_SESSION['id'] : '0') . "&owner=" . (isset($vars['person']['id']) ? $vars['person']['id'] : '0') . "&aid=" . $gadget['id'] . "&mid=" . $gadget['mod_id'] . (isset($_GET['nocache']) && $_GET['nocache'] == '1' || isset($gadget_url_params['nocache']) && intval($gadget_url_params['nocache']) == 1 || isset($_GET['bpc']) && $_GET['bpc'] == '1' ? "&nocache=1" : '') . "&country=US" . "&lang=en" . "&view=" . $view . "&parent=" . urlencode("http://" . $_SERVER['HTTP_HOST']) . $prefs . (isset($_GET['appParams']) ? '&view-params=' . urlencode($_GET['appParams']) : '') . "&st=" . urlencode(base64_encode($securityToken->toSerialForm())) . "&v=" . $gadget['version'] . "&url=" . urlencode($gadget['url']) . "#rpctoken=" . $rpctoken;
    // Create some chrome, this includes a header with a title, various button for varios actions, and the actual iframe
    ?>
<div class="gadgets-gadget-chrome" style="width:<?php 
    echo $width;
    ?>
px">
<div id="gadgets-gadget-title-bar-<?php 
    echo $gadget['mod_id'];
    ?>
" class="gadgets-gadget-title-bar">
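 /**
  * Tests ActivitiesHandler->handlePut(): create an activity via PUT and read
  * it back via GET.
  *
  * Currently disabled. The scenario below is kept as documentation of the
  * intended test, but the method is reported as skipped instead of passing
  * silently through an early return, so the gap stays visible in the report.
  */
 public function testHandlePut()
 {
     $this->markTestSkipped('ActivitiesHandler->handlePut() test is disabled');
     $token = BasicSecurityToken::createFromValues('john.doe', 'john.doe', 'app', 'domain', 'appUrl', '1');
     //Create activity
     $request = array(
         'url' => '/activities/@viewer/@self/@app?networkDistance=',
         'method' => 'POST',
         'postData' => array(
             'id' => '3',
             'appId' => '1',
             'userId' => 'john.doe',
             'title' => 'TestPost 3',
             'body' => 'TestBody 3',
         ),
     );
     $requestItem = new RestRequestItem();
     $requestItem->createRequestItemWithRequest($request, $token);
     $this->ActivitiesHandler->handlePut($requestItem);
     //Validate generated activity
     $request = array(
         'url' => '/activities/@viewer/@self/@app',
         'method' => 'GET',
     );
     $requestItem = new RestRequestItem();
     $requestItem->createRequestItemWithRequest($request, $token);
     $response = $this->ActivitiesHandler->handleGet($requestItem)->getResponse();
     $entry = $response->getEntry();
     $this->assertEquals('2', $response->getTotalResults());
     //First Entry
     $this->assertEquals('1', $entry[0]['id']);
     $this->assertEquals('john.doe', $entry[0]['userId']);
     $this->assertEquals('yellow', $entry[0]['title']);
     $this->assertEquals('what a color!', $entry[0]['body']);
     //Second Entry
     $this->assertEquals('3', $entry[1]['id']);
     $this->assertEquals('john.doe', $entry[1]['userId']);
     $this->assertEquals('TestPost 3', $entry[1]['title']);
     $this->assertEquals('TestBody 3', $entry[1]['body']);
 }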
 /**
  * A signed request whose token carries no app id must still be invalidated
  * per user: after invalidateUserResources() for the owner the marked
  * response is no longer valid, and marking it again makes it valid.
  */
 public function testInvalidateUserResourcesWithEmptyAppId()
 {
     $securityToken = BasicSecurityToken::createFromValues('owner', 'viewer', null, 'domain', 'appUrl', '1', 'default');
     $securityToken->setAuthenticationMode(AuthenticationMode::$OAUTH_CONSUMER_REQUEST);
     $signedRequest = new RemoteContentRequest('http://url');
     $signedRequest->setToken($securityToken);
     $signedRequest->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
     $this->service->markResponse($signedRequest);
     // invalidating the owner's resources must cover this request
     $this->service->invalidateUserResources(array('owner'), $securityToken);
     $this->assertFalse($this->service->isValid($signedRequest));
     // re-marking the response makes it valid again
     $this->service->markResponse($signedRequest);
     $this->assertTrue($this->service->isValid($signedRequest));
 }
 /**
  * Tests getMessageCollections(): john.doe's default collections are
  * Notifications (2 messages) followed by the private and public Inboxes
  * (both empty), in that order.
  */
 public function testGetMessageCollections()
 {
     $securityToken = BasicSecurityToken::createFromValues('john.doe', 'john.doe', 1, 1, 1, 1, 'default');
     $owner = new UserId('owner', null);
     $collections = $this->service->getMessageCollections($owner, MessageCollection::$DEFAULT_FIELDS, null, $securityToken);
     $expected = array(
         array('title' => 'Notifications', 'id' => 'notification', 'total' => 2),
         array('title' => 'Inbox', 'id' => 'privateMessage', 'total' => 0),
         array('title' => 'Inbox', 'id' => 'publicMessage', 'total' => 0),
     );
     foreach ($expected as $index => $fields) {
         $this->assertEquals($fields['title'], $collections->entry[$index]['title']);
         $this->assertEquals($fields['id'], $collections->entry[$index]['id']);
         $this->assertEquals($fields['total'], $collections->entry[$index]['total']);
     }
 }
 /**
  * Builds a MakeRequestOptions object from the current $_GET and $_POST
  * superglobals.
  *
  * The target comes from 'href', falling back to 'url'. Request shape,
  * signing flags, feed options and the OAuth parameters are read via
  * MakeRequestOptions::getRequestParam, and the request's security token
  * string is attached last.
  *
  * @return MakeRequestOptions An object initialized from the current request.
  * @throws MakeRequestParameterException If any of the parameters were
  *     invalid.
  */
 public static function fromCurrentRequest()
 {
     $href = MakeRequestOptions::getRequestParam('href');
     if ($href === null) {
         $href = MakeRequestOptions::getRequestParam('url');
     }
     $options = new MakeRequestOptions($href);
     // request shape, signing and feed options
     $options->setHttpMethod(MakeRequestOptions::getRequestParam('httpMethod'))
         ->setRequestBody(MakeRequestOptions::getRequestParam('postData'))
         ->setFormEncodedRequestHeaders(MakeRequestOptions::getRequestParam('headers'))
         ->setResponseFormat(MakeRequestOptions::getRequestParam('contentType'))
         ->setAuthz(MakeRequestOptions::getRequestParam('authz'))
         ->setSignViewer(MakeRequestOptions::getRequestParam('signViewer', 'boolean'))
         ->setSignOwner(MakeRequestOptions::getRequestParam('signOwner', 'boolean'))
         ->setNumEntries(MakeRequestOptions::getRequestParam('numEntries', 'integer'))
         ->setGetSummaries(MakeRequestOptions::getRequestParam('getSummaries', 'boolean'))
         ->setRefreshInterval(MakeRequestOptions::getRequestParam('refreshInterval', 'integer'))
         ->setNoCache(MakeRequestOptions::getRequestParam('bypassSpecCache', 'boolean'));
     // OAuth parameters
     $options->setOAuthServiceName(MakeRequestOptions::getRequestParam('OAUTH_SERVICE_NAME'))
         ->setOAuthTokenName(MakeRequestOptions::getRequestParam('OAUTH_TOKEN_NAME'))
         ->setOAuthRequestToken(MakeRequestOptions::getRequestParam('OAUTH_REQUEST_TOKEN'))
         ->setOAuthRequestTokenSecret(MakeRequestOptions::getRequestParam('OAUTH_REQUEST_TOKEN_SECRET'))
         ->setOAuthUseToken(MakeRequestOptions::getRequestParam('OAUTH_USE_TOKEN'))
         ->setOAuthReceivedCallback(MakeRequestOptions::getRequestParam('OAUTH_RECEIVED_CALLBACK'))
         ->setOAuthClientState(MakeRequestOptions::getRequestParam('oauthState'));
     // security token of the current request
     $options->setSecurityTokenString(BasicSecurityToken::getTokenStringFromRequest());
     return $options;
 }
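 /**
  * Loads the metadata of the application at $app_url.
  *
  * Uses the row cached in the applications table when it is less than one
  * day old; otherwise the metadata is fetched from the shindig metadata
  * service and the row is inserted or updated.
  *
  * @param string $app_url the gadget url
  * @return array the application row (url, title, ..., id) plus an 'error'
  *     key that is false on success or a message string on failure; on
  *     failure the other keys may be missing.
  */
 public function load_get_application($app_url)
 {
     global $db;
     $error = false;
     $info = array();
     // see if we have up-to-date info in our db. Cut-off time is 1 day (aka refresh module info once a day)
     $time = $_SERVER['REQUEST_TIME'] - 24 * 60 * 60;
     // NOTE(review): only addslashes()-style escaping is available through
     // the $db wrapper here, so every value is escaped exactly once at the
     // point it is interpolated; $time is integer arithmetic, not user input.
     $url = $db->addslashes($app_url);
     $res = $db->query("select * from applications where url = '{$url}' and modified > {$time}");
     if ($db->num_rows($res)) {
         // we have an entry with up-to-date info
         $info = $db->fetch_array($res, MYSQLI_ASSOC);
     } else {
         // Either we dont have a record of this module or its out of date, so we retrieve the app meta data.
         // Create a fake security token so that gadgets with signed preloading don't fail to load
         $securityToken = BasicSecurityToken::createFromValues(1, 1, 0, PartuzaConfig::get('container'), urlencode($app_url), 0, 1);
         $response = $this->fetch_gadget_metadata($app_url, $securityToken);
         $gadget = $this->first_gadget_from_metadata($response);
         if ($gadget === null) {
             // invalid json object, something bad happened on the shindig metadata side.
             $error = 'An error occured while retrieving the gadget information';
         } elseif (isset($gadget->errors) && !empty($gadget->errors[0])) {
             // failed to retrieve gadget, or failed parsing it
             $error = $gadget->errors[0];
         } else {
             // retrieved and parsed gadget ok, store it in db.
             // $info holds the raw values; they are escaped when the query is built
             // (previously 'url' was escaped twice, once here and once in the query).
             $info = $this->gadget_to_application_info($gadget);
             // Insert new application into our db, or if it exists (but had expired info) update the meta data
             $db->query($this->build_application_upsert_query($db, $info));
             $res = $db->query("select id from applications where url = '" . $db->addslashes($info['url']) . "'");
             if (!$db->num_rows($res)) {
                 $error = "Could not store application in registry";
             } else {
                 list($id) = $db->fetch_row($res);
                 $info['id'] = $id;
                 $this->invalidate_dependency('applications', $id);
             }
         }
     }
     if (!$error) {
         $this->add_dependency('applications', $info['id']);
     }
     $info['error'] = $error;
     return $info;
 }

 /**
  * Returns the first gadget entry of a metadata response, or null when the
  * response is not an object carrying a gadgets[0] entry.
  *
  * @param mixed $response whatever fetch_gadget_metadata() returned
  * @return object|null
  */
 private function first_gadget_from_metadata($response)
 {
     // a response without gadgets[0] used to raise a warning and then be
     // stored as an empty application; it is now reported as an error instead.
     if (is_object($response) && isset($response->gadgets[0])) {
         return $response->gadgets[0];
     }
     return null;
 }

 /**
  * Maps one gadget metadata entry onto the columns of the applications table.
  * Values are kept unescaped; escaping happens once when the query is built.
  *
  * @param object $gadget a gadget entry from the metadata response
  * @return array column name => raw value
  */
 private function gadget_to_application_info($gadget)
 {
     $info = array();
     $info['url'] = isset($gadget->url) ? $gadget->url : '';
     $info['title'] = isset($gadget->title) ? $gadget->title : '';
     $info['directory_title'] = isset($gadget->directoryTitle) ? $gadget->directoryTitle : '';
     $info['height'] = !empty($gadget->height) ? $gadget->height : '0';
     $info['screenshot'] = isset($gadget->screenshot) ? $gadget->screenshot : '';
     $info['thumbnail'] = isset($gadget->thumbnail) ? $gadget->thumbnail : '';
     $info['author'] = isset($gadget->author) ? $gadget->author : '';
     $info['author_email'] = isset($gadget->authorEmail) ? $gadget->authorEmail : '';
     $info['description'] = isset($gadget->description) ? $gadget->description : '';
     // userPrefs/views are stored serialize()d as the existing rows are; readers
     // should only ever unserialize() values this code wrote, never request input.
     $info['settings'] = isset($gadget->userPrefs) ? serialize($gadget->userPrefs) : '';
     $info['views'] = isset($gadget->views) ? serialize($gadget->views) : '';
     // scrolling may arrive as the string "true" or a boolean; normalise to 1 / '0'.
     // Strict comparison: the old loose == 'true' also matched a numeric 0 on PHP < 8.
     $scrolling = isset($gadget->scrolling) ? $gadget->scrolling : null;
     if ($scrolling === true || $scrolling === 'true') {
         $scrolling = 1;
     }
     $info['scrolling'] = !empty($scrolling) ? $scrolling : '0';
     // extract the version from the iframe url
     $info['version'] = $this->version_from_iframe_url(isset($gadget->iframeUrl) ? $gadget->iframeUrl : '');
     $info['modified'] = $_SERVER['REQUEST_TIME'];
     return $info;
 }

 /**
  * Extracts the 'v' parameter from a gadget iframe url, '' when absent.
  *
  * The query string is isolated with parse_url() first so that 'v' is also
  * found when it is the first parameter (parse_str() on the whole url would
  * glue it to the path); a bare query string without '?' is still accepted.
  *
  * @param string $iframe_url
  * @return string
  */
 private function version_from_iframe_url($iframe_url)
 {
     $query = parse_url($iframe_url, PHP_URL_QUERY);
     if (!is_string($query)) {
         $query = $iframe_url;
     }
     $params = array();
     parse_str($query, $params);
     return isset($params['v']) ? $params['v'] : '';
 }

 /**
  * Builds the insert-or-update statement for one applications row.
  * Each value is escaped exactly once here, so $info must hold raw values.
  *
  * @param object $db the database wrapper (needs addslashes())
  * @param array $info column name => raw value, see gadget_to_application_info()
  * @return string the SQL statement
  */
 private function build_application_upsert_query($db, $info)
 {
     $columns = array('url', 'title', 'directory_title', 'screenshot', 'thumbnail', 'author', 'author_email', 'description', 'settings', 'views', 'version', 'height', 'scrolling', 'modified');
     $values = array();
     $updates = array();
     foreach ($columns as $column) {
         $literal = "'" . $db->addslashes($info[$column]) . "'";
         $values[] = $literal;
         $updates[] = $column . ' = ' . $literal;
     }
     return 'insert into applications (id, ' . implode(', ', $columns) . ') values (0, ' . implode(', ', $values) . ') on duplicate key update ' . implode(', ', $updates);
 }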
 /**
  * Tests AppDataHandler->handlePut(): stores a 'count' value for the viewer
  * through handlePut() and reads it back through handleGet().
  */
 public function testHandlePut()
 {
     $token = BasicSecurityToken::createFromValues('john.doe', 'john.doe', 'app', 'domain', 'appUrl', '1');
     // Create data: POST count=TestHandlePut into the viewer's app data
     $putRequest = array(
         'url' => '/appdata/@viewer/@self/@app?fields=count',
         'method' => 'POST',
         'postData' => array('count' => 'TestHandlePut'),
     );
     $putItem = new RestRequestItem();
     $putItem->createRequestItemWithRequest($putRequest, $token);
     $this->AppDataHandler->handlePut($putItem);
     // Validate generated data: read the same field back for the viewer
     $getRequest = array(
         'url' => '/appdata/@viewer/@self/@app?networkDistance=&fields=count',
         'method' => 'GET',
     );
     $getItem = new RestRequestItem();
     $getItem->createRequestItemWithRequest($getRequest, $token);
     $entry = $this->AppDataHandler->handleGet($getItem)->getResponse()->getEntry();
     $this->assertEquals('TestHandlePut', $entry['john.doe']['count']);
 }
 /**
  * Extracts the 'st' token from the GET or POST params and calls the
  * signer to validate the token.
  *
  * The null check is deliberately loose (== null also matches false, 0, ''
  * and an empty array), so callers passing any such "no signer" value get
  * null back; the token string is only read from the request when a signer
  * is present.
  *
  * @param SecurityTokenDecoder $signer the signer to use (configured in config.php)
  * @return SecurityToken|null An object representation of the token data,
  *     or null when no signer is available.
  */
 public function extractAndValidateToken($signer)
 {
     if ($signer == null) {
         return null;
     }
     $serialized = BasicSecurityToken::getTokenStringFromRequest();
     return $this->validateToken($serialized, $signer);
 }
 /**
  * Tests through SigningFetcher: a signed request and a plain request are
  * fetched together with multiFetch() and both bodies must read "OK".
  */
 public function testSigningFetch()
 {
     $signedRequest = new RemoteContentRequest('http://test.chabotc.com/signing.html');
     $signedRequest->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'));
     $signedRequest->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
     $plainRequest = new RemoteContentRequest('http://test.chabotc.com/ok.html');
     $batch = array($signedRequest, $plainRequest);
     // invalidate both before fetching (presumably drops any cached copies)
     foreach ($batch as $pending) {
         $this->basicRemoteContent->invalidate($pending);
     }
     $this->basicRemoteContent->multiFetch($batch);
     foreach ($batch as $fetched) {
         $this->assertEquals("OK", trim($fetched->getResponseContent()));
     }
 }
 /**
  * Tests that setting "sign_viewer" = false does not include viewer
  * information in the request: the url must still be signed (oauth_signature
  * present) and still carry opensocial_owner_id, but no opensocial_viewer_id.
  */
 public function testSignedNoViewerRequest()
 {
     $token = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default');
     $options = new MakeRequestOptions('http://www.example.com');
     $options->setAuthz('SIGNED');
     $options->setNoCache(true);
     $options->setSignViewer(false);
     $options->setSecurityTokenString(urldecode($token->toSerialForm()));
     $request = $this->catchRequest($options, $this->response);
     $this->assertContains('oauth_signature', $request->getUrl());
     $this->assertNotContains('opensocial_viewer_id=viewer', $request->getUrl());
     $this->assertContains('opensocial_owner_id=owner', $request->getUrl());
 }